Ansible Can't SSH When SSH Communicator Uses Password #6

Open
ghost opened this issue Apr 16, 2021 · 6 comments

Comments

@ghost

ghost commented Apr 16, 2021

This issue was originally opened by @guybarzi as hashicorp/packer#10639. It was migrated here as a result of the Packer plugin split. The original body of the issue is below.


Hi,

I'm trying to provision an Ubuntu 18.04.5 machine with ansible provisioner after building it with vsphere-iso.

However, Ansible can't SSH to the machine, it prompts the following error:

```
fatal: [default]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '10.0.0.1' (ECDSA) to the list of known hosts.\r\nLoad key \"/tmp/ansible-key305487509\": invalid format\r\nuser@10.0.0.1: Permission denied (publickey,password).\r\n", "unreachable": true}
```

After looking into the problem a little bit, it seems that the problem is that the key file created is empty. I do use the ssh_password for the SSH communicator instead of a key file. When I insert ansible_ssh_pass as an extra argument for ansible, everything works. However, I think it should work automatically, even with ssh_password.

I would appreciate help in fixing this issue or telling me what I did wrong if the problem is on my end.

Here is the configuration associated with the issue:

```hcl
source "vsphere-iso" "ubuntu_18_04_5" {
    CPUs                    = 1
    RAM                     = 1024
    boot_command            = ["<enter><wait><f6><wait><esc><wait>",
                               "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
                               "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
                               "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
                               "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
                               "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
                               "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
                               "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
                               "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
                               "<bs><bs><bs>",
                               "/install/vmlinuz",
                               " initrd=/install/initrd.gz",
                               " priority=critical",
                               " locale=en_US",
                               " file=/media/preseed.cfg",
                               "<enter>"]
    boot_order              = "disk,cdrom"
    cluster                 = var.cluster
    convert_to_template     = true
    datacenter              = var.datacenter
    datastore               = var.datastore
    disk_controller_type    = ["pvscsi"]
    floppy_files            = [var.preseed_path]
    folder                  = var.vm_folder
    guest_os_type           = "ubuntu64Guest"
    host                    = var.host
    insecure_connection     = true
    iso_checksum            = "sha256:8c5fc24894394035402f66f3824beb7234b757dd2b5531379cb310cedfdf0996"
    iso_url                 = "http://cdimage.ubuntu.com/releases/18.04/release/ubuntu-18.04.5-server-amd64.iso"
    network_adapters {
        network = var.network
        network_card = "vmxnet3"
    }
    storage {
        disk_size = "10240"
        disk_thin_provisioned = true
    }
    vcenter_server          = var.vcenter
    username                = var.vcenter_user
    password                = var.vcenter_password
    ssh_username            = var.ssh_user
    ssh_password            = var.ssh_password
    vm_name                 = "Ubuntu_18_04_5-Packer"
    notes                   = "Packer™ Created"
}

build {
    sources = ["source.vsphere-iso.ubuntu_18_04_5"]
    provisioner "ansible" {
        playbook_file = "ubuntu_18_04_5/playbook.yml"
        keep_inventory_file = true
        use_proxy = false
        ansible_env_vars = ["ANSIBLE_HOST_KEY_CHECKING=False"]
    }
}
```

Thanks in advance!
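
The workaround mentioned in the report above (passing `ansible_ssh_pass` as an extra argument), written out as an added example that is not part of the original issue or the plugin's own documentation. The `variable` declaration, the `user` setting and the use of `jsonencode` are assumptions; the source name, playbook path and `var.ssh_user` / `var.ssh_password` are taken from the configuration above.

```hcl
# Added example. Assumes var.ssh_password is the same variable the
# vsphere-iso source passes to the SSH communicator as ssh_password.
# If the variable is already declared elsewhere, add `sensitive` there instead.
variable "ssh_password" {
  type      = string
  sensitive = true # Packer filters sensitive values out of its own log output
}

build {
  sources = ["source.vsphere-iso.ubuntu_18_04_5"]

  provisioner "ansible" {
    playbook_file = "ubuntu_18_04_5/playbook.yml"
    use_proxy     = false
    user          = var.ssh_user

    # Hand the communicator password to Ansible explicitly, since the key file
    # Packer generates is empty when only ssh_password is set.
    # jsonencode keeps passwords containing spaces, quotes or '=' intact,
    # which the plain key=value form of --extra-vars would mangle.
    # Ansible's ssh connection plugin needs `sshpass` installed on the machine
    # running Packer for password authentication.
    extra_arguments = [
      "--extra-vars", jsonencode({ ansible_ssh_pass = var.ssh_password }),
    ]

    # Kept from the configuration in the issue: host key verification is
    # disabled for the freshly built VM.
    ansible_env_vars = ["ANSIBLE_HOST_KEY_CHECKING=False"]
  }
}
```

The password ends up in the `ansible-playbook` argument list, so it is visible to other local users through the process table while the playbook runs; a build-only password that is rotated or removed before the template is published limits the exposure.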

@njpaul

njpaul commented Jun 24, 2021

Same experience here.

Packer version: 1.7.3
Ansible version: 2.10.5
Python version: 3.6.9

@JMLX42

JMLX42 commented Oct 1, 2021

Same problem here.

Packer 1.7.5
Ansible Core 2.11.5
Python 3.9.7
Fedora 34

That workaround works though.

@Alexander-Giaquinto

Same issue here. The workaround is not business friendly.

@puppetmaster

puppetmaster commented Feb 18, 2022

I used this "very dirty" but effective workaround ...

```hcl
provisioner "ansible" {
    playbook_file = "${path.cwd}/provisionning/${var.name}/playbooks/${var.name}.yaml"
    ansible_env_vars = [
      "ANSIBLE_SSH_ARGS='-oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedKeyTypes=ssh-rsa'",
      "ANSIBLE_HOST_KEY_CHECKING=False"
    ]
    user="${local.ssh_user}"
}
```

@Alexander-Giaquinto

@puppetmaster Yes, I used a similar approach. The best solution I found that pleases business environments is to build an image with packer first, because packer has the ansible provisioner built in, then call that image in my terraform build, whether it is AWS, proxmox, vmware etc. Then have ansible scripts set up for any extra needed configuration management. I know this requires more code, but the process is a little smoother.

@Y4suyuki

I had the same problem recently and I found aws ec2 inventory plugin for ansible could be a solution.
https://docs.ansible.com/ansible/latest/collections/amazon/aws/aws_ec2_inventory.html

I found this from my private repo created 3 years ago, so not sure this is relevant today.

working example.
https://github.com/Y4suyuki/whisper-server/blob/main/aws_ec2.yml
